Always make explicit which tables to lock (#3058)

Co-authored-by: Richard Schreiber <schreiber@rami.io>
2023-01-25 11:44:11 +01:00
parent 8ca128912e
commit 3c1f3a26cf
16 changed files with 59 additions and 34 deletions
--- a/src/pretix/plugins/stripe/payment.py
+++ b/src/pretix/plugins/stripe/payment.py
@@ -63,6 +63,7 @@ from pretix.base.payment import BasePaymentProvider, PaymentException
 from pretix.base.plugins import get_all_plugins
 from pretix.base.services.mail import SendMailException
 from pretix.base.settings import SettingsSandbox
+from pretix.helpers import OF_SELF
 from pretix.helpers.urls import build_absolute_uri as build_global_uri
 from pretix.multidomain.urlreverse import build_absolute_uri, eventreverse
 from pretix.plugins.stripe.forms import StripeKeyValidator
@@ -586,7 +587,7 @@ class StripeMethod(BasePaymentProvider):
        self._init_api()

        payment_info = refund.payment.info_data
-        OrderPayment.objects.select_for_update().get(pk=refund.payment.pk)
+        OrderPayment.objects.select_for_update(of=OF_SELF).get(pk=refund.payment.pk)

        if not payment_info:
            raise PaymentException(_('No payment information found.'))
--- a/src/pretix/plugins/stripe/views.py
+++ b/src/pretix/plugins/stripe/views.py
@@ -64,6 +64,7 @@ from pretix.control.permissions import (
 )
 from pretix.control.views.event import DecoupleMixin
 from pretix.control.views.organizer import OrganizerDetailViewMixin
+from pretix.helpers import OF_SELF
 from pretix.multidomain.urlreverse import build_absolute_uri, eventreverse
 from pretix.plugins.stripe.forms import OrganizerStripeSettingsForm
 from pretix.plugins.stripe.models import ReferencedStripeObject
@@ -297,13 +298,13 @@ def charge_webhook(event, event_json, charge_id, rso):

    with transaction.atomic():
        if payment:
-            payment = OrderPayment.objects.select_for_update().get(pk=payment.pk)
+            payment = OrderPayment.objects.select_for_update(of=OF_SELF).get(pk=payment.pk)
        else:
            payment = order.payments.filter(
                info__icontains=charge['id'],
                provider__startswith='stripe',
                amount=prov._amount_to_decimal(charge['amount']),
-            ).select_for_update().last()
+            ).select_for_update(of=OF_SELF).last()
        if not payment:
            payment = order.payments.create(
                state=OrderPayment.PAYMENT_STATE_CREATED,
@@ -393,13 +394,13 @@ def source_webhook(event, event_json, source_id, rso):
            payment = None

        if payment:
-            payment = OrderPayment.objects.select_for_update().get(pk=payment.pk)
+            payment = OrderPayment.objects.select_for_update(of=OF_SELF).get(pk=payment.pk)
        else:
            payment = order.payments.filter(
                info__icontains=src['id'],
                provider__startswith='stripe',
                amount=prov._amount_to_decimal(src['amount']) if src['amount'] is not None else order.total,
-            ).select_for_update().last()
+            ).select_for_update(of=OF_SELF).last()
        if not payment:
            payment = order.payments.create(
                state=OrderPayment.PAYMENT_STATE_CREATED,
@@ -534,7 +535,7 @@ class ReturnView(StripeOrderView, View):

        with transaction.atomic():
            self.order.refresh_from_db()
-            self.payment = OrderPayment.objects.select_for_update().get(pk=self.payment.pk)
+            self.payment = OrderPayment.objects.select_for_update(of=OF_SELF).get(pk=self.payment.pk)
            if self.payment.state == OrderPayment.PAYMENT_STATE_CONFIRMED:
                if 'payment_stripe_token' in request.session:
                    del request.session['payment_stripe_token']